Why not telnet access?
Mac Elite
Join Date: Aug 2001
Location: Australia
I am wondering if remote login HAS to be via SSH.
Is there any way to make it accessible via telnet as well?
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Originally posted by IUJHJSDHE:
> I am wondering if remote login HAS to be via SSH.
> Is there any way to make it accessible via telnet as well?
All you have to do is to start the telnetd process (I think). SSH seems to be the better way to go nowadays and I think that Apple just wanted it to be standardized from the beginning. I think that PB had telnet running, but it was taken out.
Junior Member
Join Date: Apr 2001
Originally posted by IUJHJSDHE:
> I am wondering if remote login HAS to be via SSH.
> Is there any way to make it accessible via telnet as well?
SSH is on by default when you check the remote login box in System Prefs.
To enable telnet you need to modify the inetd.conf file.
1. Need root to edit this file
2. In the terminal type
sudo pico /etc/inetd.conf
3. Type in your root password.
4. Pico (text editor) will open this prefs file, so you can edit it. Look for:
#telnet
5. Remove the pound "#" character from before telnet
6. save changes
7. exit pico
8. restart
9. have fun, but use logs to make sure nobody is messing with your system. Telnet is insecure. Unless you are sure that you need this, stick to ssh.
10. see apple support docs for more information:
Knowledge Base: 106274
[ 04-24-2002: Message edited by: mismith ]
Mac Elite
Join Date: Aug 2001
Location: Australia
Originally posted by mismith:
> SSH is on by default when you check the remote login box in System Prefs.
> To enable telnet you need to modify the inetd.conf file.
> 1. Need root to edit this file
> 2. In the terminal type
> sudo pico /etc/inetd.conf
> 3. Type in your root password.
> 4. Pico (text editor) will open this prefs file, so you can edit it. Look for:
> #telnet
> 5. Remove the pound "#" character from before telnet
> 6. save changes
> 7. exit pico
> 8. restart
> 9. have fun, but use logs to make sure nobody is messing with your system. Telnet is insecure. Unless you are sure that you need this, stick to ssh.
> 10. see apple support docs for more information:
> Knowledge Base: 106274
> [ 04-24-2002: Message edited by: mismith ]
Thanks, Great reply
I will try it now,
Just wondering, How is telnet insecure? (I know it is not secure but I am just wondering how so?)
EDIT: Hmm, I am looking at the file now. What do some of the other things do?
Like what would happen if
Shell
Login and
nntp ones do if the # is taken off??
[ 04-24-2002: Message edited by: IUJHJSDHE ]
EDIT: OK, I took off the # on telnet and that worked, Thanks!!
[ 04-24-2002: Message edited by: IUJHJSDHE ]
Grizzled Veteran
Join Date: Jan 2001
Location: usa
telnet is insecure because the login/pass is sent to the server in an insecure fashion. All one needs to do is intercept the packet of info containing this and it is in plain text - very easy for a "hacker" to see and obtain a login/pass to your machine.
This is not hard to do, due to the way Ethernet works. Two machines on the same network want to contact each other. Instead of machine A calling machine B on its telephone (a direct contact), machine A yells out its front door "Hey, machine B, here is the info you wanted". Now, most ethernet cards are polite, and if they aren't named Machine B, ignore this info. It's not that they don't hear it, it's that they just let it go in one ear and out the other. All one needs to do is get a packet sniffer like EtherPeek (and yes, I've seen it on Hotline servers) and start listening. Clear text passwords, especially from Telnet, will start flowing in.
SSH uses an alternate method. To extend the above analogy, Machine A yells out its front door "Hey, machine B, let's talk in our secret language. If you tell me the right login/pass in our secret language, then I will tell you that info that you wanted."
Basically, login/passes are encrypted, making it more difficult to use if they are intercepted. Also, I am sure there are other ways of intercepting packets, but the packet sniffer on ethernet is pretty easy.
Use SSH. Any unix/linux setup that has telnet will have SSH. Most telnet programs also come with SSH capabilities. I know Windows has the telnet command line program. Do yourself a favor and get PuTTY SSH if running Windows.
As for the other services listed in inetd.conf, I am not really sure. I added the pop3 server on my computer. I assume the nntp is for a news server, as in newsgroups.
Forum Regular
Join Date: Jan 2001
> Just wondering, How is telnet insecure? (I know it is not secure but I am just wondering how so?)
The text that goes back and forth between the client and server is transmitted in clear text with telnet, that means, no encryption. Anyone with a sniffer could watch the traffic as it goes back and forth and grab fun things like logins and passwords.
SSH on the other hand, encrypts the text before it goes over the wire, keeping it invisible to prying eyes.
- Mike
Mac Elite
Join Date: Aug 2001
Location: Australia
Originally posted by nibeck:
> The text that goes back and forth between the client and server is transmitted in clear text with telnet, that means, no encryption. Anyone with a sniffer could watch the traffic as it goes back and forth and grab fun things like logins and passwords.
> SSH on the other hand, encrypts the text before it goes over the wire, keeping it invisible to prying eyes.
> - Mike
That is exactly what I thought!!!!!!!!!
Just needed some verification!!!
Now about the what would happen if
Shell
Login and
nntp ones do if the # is taken off thing!
Junior Member
Join Date: Apr 2001
Originally posted by IUJHJSDHE:
> Now about the what would happen if
> Shell
> Login and
> nntp ones do if the # is taken off thing!
Well they all add different services to your internet servers database.
I am no expert, but from some man pages...
-rlogin or login-
>rlogin establishes a remote login session from your terminal
>to the remote machine named hostname.
>Hostnames are listed in the hosts database, which may be
>contained in the /etc/hosts file, the Network Information
>Service (NIS) hosts map, the Internet domain name server, or
>a combination of these. Each host has one official name
>(the first name in the database entry), and optionally one
>or more nicknames. Either official hostnames or nicknames
>may be specified in hostname.
>Each remote machine may have a file named /etc/hosts.equiv
>containing a list of trusted hostnames with which it shares
>usernames
I think this allows you to "specify" or setup specific hosts or domains that are "trusted," and allowed to connect. This adds one level of security so you can allow only who you wish to connect. Still doesn't protect password though. Probably slogin protects the password in addition. Like sftp vs. ftp.
Here is an online set of man pages (change arguments after last "?" to choose a different man page):
rlogin man page
"The Rshell component is used to execute commands on a remote Unix machine using the rshell mechanism."
(source: rshell)
Maybe nntp will allow you to host a net news server.
[ 04-24-2002: Message edited by: mismith ]
Dedicated MacNNer
Join Date: Oct 2001
Location: Philly
Originally posted by IUJHJSDHE:
> That is exactly what I thought!!!!!!!!!
> Just needed some verification!!!
> Now about the what would happen if
> Shell
> Login and
> nntp ones do if the # is taken off thing!
If you don't know rlogin, rshell, and the other r-services already, you really don't want to run them. They are worse than telnet, security-wise, and they are easier to mis-configure in a dangerous manner. In addition, telnet and the r-services don't offer you anything that can't be done by ssh. In fact, since ssh can be run as a web applet and includes sftp and scp, ssh offers far more capability as well as the added protection.
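An added example, not part of any post in this thread: a shell function that audits an inetd.conf-style file for the cleartext services discussed here (the telnet line enabled earlier in the thread, and the shell and login r-services warned about in the post above). The function names, the service list (which also flags exec and ftp) and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which cleartext remote-access services an
# inetd.conf-style file has enabled (an uncommented line enables a service).

# Service names to flag. telnet, shell (rshd) and login (rlogind) come from
# the thread; exec (rexecd) and ftp are added here as an assumption.
CLEARTEXT_SERVICES="telnet shell login exec ftp"

# sample_inetd_conf: prints a constructed sample, not taken from a real system.
sample_inetd_conf() {
    cat <<'EOF'
#ftp    stream  tcp  nowait  root    /usr/libexec/tcpd  ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/tcpd  telnetd
#shell  stream  tcp  nowait  root    /usr/libexec/tcpd  rshd
login   stream  tcp  nowait  root    /usr/libexec/tcpd  rlogind
#nntp   stream  tcp  nowait  usenet  /usr/libexec/tcpd  nntpd
EOF
}

# list_cleartext_services FILE: prints each enabled flagged service once,
# sorted, one per line. Prints nothing when none are enabled.
list_cleartext_services() {
    awk -v names="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        $1 ~ /^#/ { next }                    # commented out: service disabled
        NF >= 6 && ($1 in risky) { print $1 } # service type proto wait user program
    ' "$1" | sort -u
}

# Demo on the constructed sample; on a real host pass /etc/inetd.conf instead.
tmp=$(mktemp)
sample_inetd_conf > "$tmp"
enabled=$(list_cleartext_services "$tmp")
rm -f "$tmp"
if [ -n "$enabled" ]; then
    echo "Enabled cleartext services:"
    echo "$enabled"
fi
```

Any name the function prints is a service that accepts logins or commands without encryption; re-commenting its line and restarting inetd disables it.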
Mac Enthusiast
Join Date: Jan 2002
Location: Trondhjem, Norway
With unencrypted systems, how much information can a hacker (or possibly a network administrator) gain access to? Is it possible for him to put together files that were in transfer?
What about the popular filesharing systems like Hotline and Carracho? How (in)secure are they with respect to A) getting access to logins and B) packet sniffing of data in transfer.
Junior Member
Join Date: Apr 2001
Originally posted by alien:
> With unencrypted systems, how much information can a hacker (or possibly a network administrator) gain access to? Is it possible for him to put together files that were in transfer?
> What about the popular filesharing systems like Hotline and Carracho? How (in)secure are they with respect to A) getting access to logins and B) packet sniffing of data in transfer.
Assuming while "sniffing" the hacker was able to retrieve your username and pass, then they could login remotely and have access to whatever you have access to. I don't know if it is possible to allow access to certain files with a certain IP prefix for example, and not allow access when connected from outside the local network. Probably possible, but I would have no idea how.
Regarding "putting a file back together," probably more difficult, like going through a shredder and taping it back together. Not to mention he would have to have all of or most of the pieces. Though if you had what's his name from Pretender, he could put a whole trash can of shredded docs back together overnight.
I would think that carracho and hotline probably don't send username and pass securely, at least there doesn't appear to be any secure host data sent or received.
Forum Regular
Join Date: Dec 2000
Location: Montreal, Quebec, Canada
To sniff TCP packets you need to be on the same Ethernet collision segment as the origin or the end computer of the connection. So you can't sniff a connection on another computer on a switched network. You can still see everything that goes through your computer for fun with the tcpdump command.
Try this:
sudo tcpdump -i en0 -X -s 1500 port 21 | grep PASS
Watch for your password every time you make an FTP connection
[ 04-25-2002: Message edited by: BigMac2 ]
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by BigMac2:
> Try this:
> sudo tcpdump -i en0 -X -s 1500 port 21 | grep PASS
> Watch for your password every time you make an FTP connection
Cool, I can definitely see my own password being submitted to FTP sites... heh. I'm good to go if I want to hack my own password. That's a cool trick, dude.
"In Nomine Patris, Et Fili, Et Spiritus Sancti"